From 03ca1bc47742ec1b3a09811fd7d5023ad44b2dc2 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Sat, 27 Jun 2026 13:23:52 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=20Fix=20insecure=20predictable=20t?= =?UTF-8?q?emporary=20file=20creation?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: sunnylqm <615282+sunnylqm@users.noreply.github.com>
---
 src/utils/app-info-parser/aab.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/utils/app-info-parser/aab.ts b/src/utils/app-info-parser/aab.ts
index d8cb665..4460696 100644
--- a/src/utils/app-info-parser/aab.ts
+++ b/src/utils/app-info-parser/aab.ts
@@ -57,8 +57,8 @@ export class AabParser extends Zip {
 });
 // Create a temp file for the .apks output
- const tempDir = os.tmpdir();
- const tempApksPath = path.join(tempDir, `temp-${Date.now()}.apks`);
+ const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'bundletool-'));
+ const tempApksPath = path.join(tempDir, 'output.apks');
 const needsNpxDownload = async () => {
 try {
@@ -155,8 +155,8 @@ export class AabParser extends Zip {
 });
 } finally {
 // Cleanup
- if (await fs.pathExists(tempApksPath)) {
- await fs.remove(tempApksPath);
+ if (await fs.pathExists(tempDir)) {
+ await fs.remove(tempDir);
 }
 }
 }
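Review bot: The `fs.mkdtemp` call in the first hunk creates a real directory where the old code only computed a path, so any throw between this line and the `try` whose `finally` removes `tempDir` would leave the directory behind under the system temp location. The hunk does not show where that `try` opens (the enclosing method starts and ends outside it), so this needs confirming; if there is a gap, open the `try` directly after the `mkdtemp` line. The context comment above it is also stale now and could read `// Create a private temp directory (mkdtemp: unique name, mode 0700 on POSIX) to hold the .apks output`, which records why the fixed name `output.apks` is safe.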
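Review bot: In the `finally` block of the second hunk, a failure inside `fs.remove(tempDir)` would replace whatever error the `try` body was already propagating, and the `fs.pathExists` pre-check adds a check-then-act step that protects nothing. Assuming `fs` is fs-extra (the hunk uses its `pathExists` and `remove` helpers), `remove` already does nothing when the path is missing, so the block can shrink to `await fs.remove(tempDir).catch(() => {});`, ideally logging the failure instead of dropping it, with a comment that cleanup is best-effort. The `try` that this `finally` closes starts outside the hunk.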